Hi Tero,
Thanks for the clarification. I don't want to resurrect the idea here but I feel compelled to respond to this:

On 5/9/21 4:21 AM, Tero Kivinen wrote:
> And also I think shared key authentication offers exactly the same benefits as authentication with public key encryption from the deniability point of view (i.e., either end can calculate everything as long as they know the shared secret).
With public key encryption, anyone is able to construct what looks like a valid IKE conversation between any two participants by using publicly available information (i.e. their certificates). For that capability to be done with shared key authentication it would require the shared key used for "authentication" to be known by everyone, which sort of voids the whole security of the protocol. Basically, the shared key authentication mode would only be the equivalent of public key encryption authentication mode when using the Pre-shared Key for the Internet [1], which was an April Fools draft and (I think this bears repeating these days) was not intended to be taken seriously.

regards,

Dan.

[1] https://datatracker.ietf.org/doc/html/draft-ietf-ipsec-internet-key

--
"The object of life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane." -- Marcus Aurelius

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
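As an added example (it is not part of this thread and not code from any IKE implementation), here is a toy model of the distinction Dan and Tero are drawing. It loosely follows the SKEYID derivations of RFC 2409 (public-key-encryption mode keys the prf with hash(Ni|Nr), pre-shared-key mode keys it with the PSK) but reduces HASH_I/HASH_R to a prf over the cookies and uses unpadded textbook RSA with fixed 32-bit primes so it runs offline. The cookies, nonces, PSK and RSA primes are all constructed values chosen for the demonstration. It shows that a third party holding only the two public keys can build a transcript that the accused peers themselves cannot distinguish from a real one, while in PSK mode only a party that already holds the PSK can do so.

```python
"""Toy model of deniability under public-key-encryption vs. pre-shared-key
authentication. Constructed for illustration; textbook RSA without padding
and reduced HASH_I/HASH_R. Nothing here is a real cipher suite."""
import hashlib
import hmac

E = 65537

def toy_keypair(p, q):
    """Textbook RSA from two fixed primes (demo only, never do this for real)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Constructed keys: a few of the largest primes below 2**32.
PUB_I, PRIV_I = toy_keypair(4294967291, 4294967279)   # initiator's public/private key
PUB_R, PRIV_R = toy_keypair(4294967231, 4294967197)   # responder's public/private key

def rsa_encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)

def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)

def _nonces(ni, nr):
    return ni.to_bytes(8, "big") + nr.to_bytes(8, "big")

def skeyid_pke(ni, nr, cky_i, cky_r):
    # Public-key-encryption mode: keyed only by the nonces and cookies.
    nonce_hash = hashlib.sha256(_nonces(ni, nr)).digest()
    return hmac.new(nonce_hash, cky_i + cky_r, hashlib.sha256).digest()

def skeyid_psk(psk, ni, nr):
    # Pre-shared-key mode: keyed by the PSK itself.
    return hmac.new(psk, _nonces(ni, nr), hashlib.sha256).digest()

def auth_hashes(skeyid, cky_i, cky_r):
    # Reduced stand-ins for HASH_I and HASH_R.
    hash_i = hmac.new(skeyid, cky_i + cky_r + b"I", hashlib.sha256).digest()
    hash_r = hmac.new(skeyid, cky_r + cky_i + b"R", hashlib.sha256).digest()
    return hash_i, hash_r

def build_pke_transcript(pub_i, pub_r, ni, nr, cky_i, cky_r):
    """Every input is public or chosen by the builder, so a third party with
    both certificates produces exactly what a real peer would."""
    hash_i, hash_r = auth_hashes(skeyid_pke(ni, nr, cky_i, cky_r), cky_i, cky_r)
    return {"cky_i": cky_i, "cky_r": cky_r,
            "enc_ni": rsa_encrypt(pub_r, ni),   # Ni encrypted to the responder
            "enc_nr": rsa_encrypt(pub_i, nr),   # Nr encrypted to the initiator
            "hash_i": hash_i, "hash_r": hash_r}

def pke_transcript_checks_out(t, priv_i, priv_r):
    """The accused peers decrypt the nonces with their private keys and
    recompute the hashes: a fabricated transcript is indistinguishable."""
    ni = rsa_decrypt(priv_r, t["enc_ni"])
    nr = rsa_decrypt(priv_i, t["enc_nr"])
    skeyid = skeyid_pke(ni, nr, t["cky_i"], t["cky_r"])
    hash_i, hash_r = auth_hashes(skeyid, t["cky_i"], t["cky_r"])
    return hmac.compare_digest(hash_i, t["hash_i"]) and hmac.compare_digest(hash_r, t["hash_r"])

def build_psk_transcript(psk, ni, nr, cky_i, cky_r):
    hash_i, hash_r = auth_hashes(skeyid_psk(psk, ni, nr), cky_i, cky_r)
    return {"cky_i": cky_i, "cky_r": cky_r, "ni": ni, "nr": nr,
            "hash_i": hash_i, "hash_r": hash_r}

def psk_transcript_checks_out(t, psk):
    hash_i, hash_r = auth_hashes(skeyid_psk(psk, t["ni"], t["nr"]), t["cky_i"], t["cky_r"])
    return hmac.compare_digest(hash_i, t["hash_i"]) and hmac.compare_digest(hash_r, t["hash_r"])

# Constructed sample values.
CKY_I = bytes.fromhex("0011223344556677")
CKY_R = bytes.fromhex("8899aabbccddeeff")
PSK = b"constructed-demo-psk"

def demo():
    """Returns (outsider forges PKE mode, outsider forges PSK mode,
    PSK holder forges PSK mode)."""
    # Outsider with only PUB_I and PUB_R fabricates an entire "conversation".
    forged = build_pke_transcript(PUB_I, PUB_R, 0xDEADBEEF, 0xCAFEF00D, CKY_I, CKY_R)
    outsider_pke = pke_transcript_checks_out(forged, PRIV_I, PRIV_R)
    # Same outsider against PSK mode: without the PSK the hashes do not verify.
    guess = build_psk_transcript(b"wrong-guess", 0xDEADBEEF, 0xCAFEF00D, CKY_I, CKY_R)
    outsider_psk = psk_transcript_checks_out(guess, PSK)
    # Either legitimate peer, holding the PSK, can still fabricate (Tero's point).
    insider = build_psk_transcript(PSK, 1, 2, CKY_I, CKY_R)
    insider_psk = psk_transcript_checks_out(insider, PSK)
    return outsider_pke, outsider_psk, insider_psk

if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

The second result is the one Dan's reply turns on: in PSK mode the forger's transcript is only "valid" if the key it used is the real PSK, so universal forgeability would require the PSK to be public, which is exactly the April Fools draft's setting.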